package com.samshow.config;

import com.samshow.filter.GatewayCORSFilter;
import com.samshow.filter.GatewaySecurityFilter;
import com.samshow.service.UserDetailService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

/**
 * Created by Administrator on 2017/1/13.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled =true)
@EnableWebSecurity
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
@ComponentScan
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(useretailService());

    }

    @Bean
    public UserDetailsService useretailService() {
        return new UserDetailService();
    }

    @Bean
    public SecurityMetadataSource securityMetadataSource(){
        return new GatawaySecurityMetadataSource();
    }

    @Bean
    public AccessDecisionManager accessDecisionManager(){
        return new GateWayAccessDecisionManager();
    }
    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        GatewaySecurityFilter gatewaySecurityFilter = new GatewaySecurityFilter(securityMetadataSource(),accessDecisionManager(),authenticationManager());
        GatewayCORSFilter gatewayCORSFilter = new GatewayCORSFilter();
        // @formatter:off
        http
            .httpBasic().and()
            .formLogin().successHandler(loginSuccessHandler).and()
            .logout().and()
            .authorizeRequests()
//            .antMatchers("/index.html", "/login", "/").permitAll()
            .anyRequest().authenticated()
            .and().rememberMe().and()
            .csrf().disable()
            .addFilterBefore(gatewaySecurityFilter, FilterSecurityInterceptor.class)
            .addFilterBefore(gatewayCORSFilter, ChannelProcessingFilter.class);
        //    .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        // @formatter:on
    }

}
